Date:      Sun, 19 Apr 1998 13:25:50 -0400 (EDT)
From:      Robert Watson <robert@cyrus.watson.org>
To:        fpscha@schapachnik.com.ar
Cc:        freebsd-security@FreeBSD.ORG
Subject:   Re: suid/sgid programs
Message-ID:  <Pine.BSF.3.96.980419132245.18223A-100000@trojanhorse.pr.watson.org>
In-Reply-To: <199804190326.AAA00487@localhost.schapachnik.com.ar>

On Sun, 19 Apr 1998, Fernando P. Schapachnik wrote:

> In a previous message Robert Watson wrote:
> [...]
> > We note also that a fairly large chunk of suid/sgid programs are UUCP
> > programs -- something that a majority of FreeBSD users (I would guess?) do
> > not use.  In terms of reducing risk, disabling suid/sgid on these programs
> 
> Don't be so sure. FreeBSD boxes are an excellent choice for UUCP servers. 
> Actually I have a few running (and planning to install more).

I had more in mind a toggle on our Hardening interface that essentially
allowed the user to "turn off" categories of suid programs in the base
installation.  FreeBSD would still ship with the suid flags turned on for
UUCP, but there would be a central administrative toggle for it.  Don't
get me wrong -- I used UUCP to ship mail and news for a number of years,
and am fully appreciative of the service it offers in a weakly connected
environment.

However, I suspect that the majority of users who would be interested in
the hardening project (i.e., web servers, firewall machines, large
multi-user setups) are probably not using UUCP and can only benefit from
any easy way to disable any potential security problems involved.

  Robert N Watson 


----
Carnegie Mellon University  http://www.cmu.edu/
Trusted Information Systems http://www.tis.com/
SafePort Network Services   http://www.safeport.com/
robert@fledge.watson.org    http://www.watson.org/~robert/
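
The per-category toggle discussed in this message could look like the sketch below. It is an added example, not part of the original e-mail and not FreeBSD code. It assumes a "category" means the setuid/setgid files under a directory tree that are owned by one user; the function names `list_suid` and `toggle_suid_off` are hypothetical.

```shell
#!/bin/sh
# Added example: audit, and optionally clear, the setuid/setgid bits of one
# category of programs. Assumption: a category is "regular files owned by a
# given user (name or numeric uid)" below a chosen root directory.

# list_suid ROOT OWNER
# Print every setuid or setgid regular file under ROOT owned by OWNER.
# -xdev keeps the walk on one filesystem, so a system-wide scan does not
# wander into network or removable mounts.
list_suid() {
    find "$1" -xdev -type f -user "$2" \
        \( -perm -4000 -o -perm -2000 \) -print
}

# toggle_suid_off ROOT OWNER [apply]
# Without "apply" this is a dry run that only lists what would change.
# With "apply" it clears both bits and prints each file it changed; a file
# whose chmod fails is not printed, so the output is the list of real changes.
toggle_suid_off() {
    if [ "${3:-dry-run}" = apply ]; then
        find "$1" -xdev -type f -user "$2" \
            \( -perm -4000 -o -perm -2000 \) \
            -exec chmod u-s,g-s {} \; -print
    else
        list_suid "$1" "$2"
    fi
}

# Typical use (run as root, review the dry run first):
#   toggle_suid_off /usr uucp
#   toggle_suid_off /usr uucp apply
```

The sketch only turns a category off; keeping the dry-run listing gives a record of which files to restore if the category is needed again.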

